Installing the QRadar Incident Forensics software on a virtual machine
After you create your virtual machine, you must install the IBM® QRadar® software on the virtual machine.
Restriction: Resizing logical volumes by using a logical volume manager (LVM) is not supported.
- In the left navigation pane of your VMware vSphere Client, select your virtual machine.
- In the right pane, click the Summary tab.
- In the Commands pane, click Edit Settings.
- In the left pane of the Virtual Machine Properties window, click CD/DVD Drive 1.
- In the Device Status pane, select the Connect at power on check box.
- In the Device Type pane, select Datastore ISO File and click Browse.
- In the Browse Datastores window, locate and select the product ISO file, click Open and then click OK.
- After the product ISO image is installed, right-click your virtual machine and click
Log in to the virtual machine by typing root for the user name.
The user name is case-sensitive.
Ensure that the End User License Agreement (EULA) is displayed.
Tip: Press the Space bar to advance through the document.
On the Select the Appliance ID page, choose the QRadar Incident
Forensics component to
- For distributed installation, select 6000 QRadar Incident Forensics Processor.
- For stand-alone deployments, select 6100 QRadar Incident Forensics Standalone.
- For the type of setup, select normal.
Follow the instructions in the installation wizard to complete the installation.
The following table contains descriptions and notes to help you configure the installation.
Table 1. Description of network settings Network Setting Description
Fully qualified domain name
Secondary DNS server address
Public IP address for networks that use Network Address Translation (NAT)
Email server name
If you do not have an email server, use localhost.
The password must meet the following criteria:
- Contain at least 5 characters
- Contain no spaces
- Can include the following special characters: @, #, ^, and *.
After you configure the installation parameters, a series of messages are displayed. The installation process might take several minutes.
If you aren't installing IBM QRadar Incident Forensics Standalone, see Adding a QRadar Incident Forensics managed host to QRadar Console.